Installable ADR and SPEC extension pack for digital-signature and container governance.

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for cobycloud from gravatar.com cobycloud
Meta

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: Apache-2.0
    SPDX License Expression
  • Tags ssot , ssot-registry , extension-pack , digital-signature , signature , pades , xades , cades , asic , timestamping , validation , governance , adr , spec , uv
  • Requires: Python <3.15, >=3.10
Classifiers
Report project as malware

Project description

digital-signature-governance-pack

GitHub repo License CI

digital-signature-governance-pack is an SSOT Registry pack for digital-signature, advanced electronic signature, container, timestamping, validation, archival, and assurance-language governance.

It gives product, platform, and compliance teams a reusable ADR/SPEC starting point for repositories that need to govern PAdES, XAdES, CAdES, ASiC-S, ASiC-E, validation reports, timestamping, certificate and revocation handling, long-term archival evidence, and constrained eIDAS-facing claim language.

What Is An SSOT Registry Pack?

An SSOT Registry pack is an installable package of governed Architecture Decision Records (ADRs) and Specifications (SPECs) for ssot-registry. The pack supplies reusable decision and requirement documents that downstream repositories can synchronize into their local .ssot registry and link to features, tests, claims, evidence, and releases.

Domain Focus

The initial review surface is grounded in TrustSig's signature_and_container_standards_matrix.md and covers:

  • ETSI PAdES, XAdES, CAdES, and ASiC family standards
  • baseline levels B-B, B-T, B-LT, and B-LTA
  • PDF signature standards and ISO PDF extensions
  • W3C XML Signature and canonicalization surfaces
  • CMS, timestamping, PKIX, OCSP, ERS, XMLERS, and related RFCs
  • validation result and validation report modeling
  • cryptographic suite policy and algorithm allowlists
  • regulatory-language boundaries for eIDAS-related claims

Included ADRs

  • adr:0900 digital-signature standards targets are reviewed before governance inclusion

Included SPECs

  • spc:0900 digital-signature governance target review

Proposed ADR And SPEC Set

The first detailed proposal is documented in:

Digital Signature ADR/SPEC Proposal

The source standards matrix copied from TrustSig is available at:

Signature and Container Standards Matrix

Programmatic Usage

from digital_signature_governance_pack import load_document_manifest, read_packaged_document_text

adr_manifest = load_document_manifest("adr")
spec_manifest = load_document_manifest("spec")

print(adr_manifest[0]["id"])
print(spec_manifest[0]["id"])

text = read_packaged_document_text("spec", "SPEC-0900-digital-signature-governance-target-review.yaml")
print(text[:120])

Resources

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for cobycloud from gravatar.com cobycloud
Meta

Unverified details

These details have not been verified by PyPI
Meta
  • License Expression: Apache-2.0
    SPDX License Expression
  • Tags ssot , ssot-registry , extension-pack , digital-signature , signature , pades , xades , cades , asic , timestamping , validation , governance , adr , spec , uv
  • Requires: Python <3.15, >=3.10
Classifiers

Release history Release notifications | RSS feed

0.1.2

0.1.1.dev2 pre-release

This version

0.1.1.dev1 pre-release

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

digital_signature_governance_pack-0.1.1.dev1.tar.gz (11.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

digital_signature_governance_pack-0.1.1.dev1-py3-none-any.whl (12.4 kB view details)

Uploaded Python 3

File details

Details for the file digital_signature_governance_pack-0.1.1.dev1.tar.gz.

File metadata

File hashes

Hashes for digital_signature_governance_pack-0.1.1.dev1.tar.gz
Algorithm Hash digest
SHA256 b2ce8626f3e4c21d2aa3cfc5bea1ed9087dd0e1f2c7fb878030b550e7c3fd547
MD5 de2cdee5f5436181020d7107f44b4ec8
BLAKE2b-256 6fdaab5f73380729a909f50362a3de244ce7afb2b35d0b81efe8c729f8103ffb

See more details on using hashes here.

Provenance

The following attestation bundles were made for digital_signature_governance_pack-0.1.1.dev1.tar.gz:

Publisher: publish.yml on groupsum/digital-signature-governance-pack

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file digital_signature_governance_pack-0.1.1.dev1-py3-none-any.whl.

File metadata

File hashes

Hashes for digital_signature_governance_pack-0.1.1.dev1-py3-none-any.whl
Algorithm Hash digest
SHA256 026ccc638513caf29a161960ca34e1c9ca2d7ab522d0e29948d2961ffad355d8
MD5 913963eea5e6754b079adb513c32cf4a
BLAKE2b-256 78e2ead654c2df1caecde8005e19d8617821700b18db5c770a32b0f1e9be4c30

See more details on using hashes here.

Provenance

The following attestation bundles were made for digital_signature_governance_pack-0.1.1.dev1-py3-none-any.whl:

Publisher: publish.yml on groupsum/digital-signature-governance-pack

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page